website guardian Website GUARDIAN

Why We Say NO to Website Virus Scanners


Published: October 12, 2012
Author: Rich Agnew

When it comes to website security, most security companies & Hosting Companies use website virus scanners. In most cases, these scanners are not very effective and give a false sense of security to the website owner.

Website Virus scanners confuse the average website owner because they are used to using desktop virus scanners to keep their computers clean. For your desktop computer this works very well, but your website doesn't behave in the same way. A desktop virus scanner checks your computer for very specific files, file signatures and / or behaviors. These signatures get updated on a daily or weekly basis from the software company. This system seems to work well in the case where your desktop virus software finds a problem and the desktop scanner can fix it right away.

A website virus scanner only gives you the illusion that your website is being protected. Here is why: Website virus/malware code in a lot of cases is almost impossible to distinguish between something that belongs there and something that has been put there by hackers. Therefore the scanner doesn't prevent you from being hacked, it just lets you know after the fact. Even if virus/malware code is discovered, the website virus software cannot remove the bad code. You still need someone experienced to fix the site properly.

The website virus scanner does nothing to actually secure your website. The hackers will still get in and your site will still get black listed from Google. When that happens Google or your Host Company will tell you that you have been black listed.

Since the website virus scanner(s) are not very good at finding Malware and cannot fix the malware that they do find, then they do NOT have any real value at all.

The only real solution is to secure your website properly using tried and true methods so that hackers cannot get in to begin with:

Here are some methods to secure your website:

  • Ten digit random passwords for your hosting C-Panel and your FTP account(s).
  • Limit who has access to your website FTP & C-Panel.
  • Remove any old FTP accounts.
  • Change all passwords after an employee or developer has moved on.
  • Keep your desktop clean and secure so that passwords do NOT get stolen from your work station.
  • Make sure your host is using the latest versions of php / mySQL / Apache and other website server software.
  • Keep your website platform software updated to the latest versions and security patches.
  • Use a powerful website security software that protects your site by slamming the door on hackers.

Category: virus scanners, website security,